Tech 3 August 2018

Dennis Wafula

Bug bounty hunter exposes Monero bug enabling theft from exchanges

Privacy-centric altcoin Monero was discovered to have been carrying a bug that allows hackers to steal coins directly from cryptocurrency exchanges.

According to reports, the hackers managed to make use of old-fashioned social engineering to forge transaction data and use it to manipulate the support staff into crediting their accounts manually with extra XMR. The bug planted by the hackers multiplied the transactions, making it easier for the staff to approve dodgy transactions and credit these accounts. Reports showed that the attackers could exploit this repeatedly until they completely siphon all the money on an exchange.

Jason Rhineland, a Canadian Ph.D. candidate in Economics at Queens University, submitted a post on HackerOne revealing the system vulnerability. At the time of his post, the “business logic errors” are still active in Monero’s system. The bug was ranked 9 out of a possible 10, making it a “critical” in terms of severity.

Reports also show that the bug affected other Monero-based coins. According to reports, the attackers managed to steal ARQ coins from Altex, a wallet exchange desk. Altex has already alerted its users and all other virtual currencies in the ecosystem about the issue. It also suspended operations until proper measures have been put in place. It is yet unclear how much money the operator lost during the hack. The small operator said that they have suffered a big loss.

Reports on the HackerOne bug bounty program showed that five more operators have been affected by the recent attack on Monero’s system in the last 24 hours. The flaw has since been fixed in Monero’s system, but it is still unclear whether other affected systems have tackled the issue.

Bug bounty programs have helped stop many hacking threats by pointing out system shortcoming beforehand. Virtual exchanges and other cryptocurrency business are benefiting from these programs. Just a few weeks ago, bug bounties collected $24,000 in one week from four different blockchain projects.

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.

Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.

COMMENT

latest news

Pakistan eyes blockchain for digitalization of government processes

Tech 18 April 2019

Pakistan eyes blockchain for digitalization of government processes

A meeting chaired by Pakistan Prime Minister Imran Khan discussed ways in which technologies such as blockchain could be used to ensure efficiency of government processes.

Read More
Accenture, Generali taps blockchain for employee benefits

Tech 18 April 2019

Accenture, Generali taps blockchain for employee benefits

Global management consulting firm Accenture has teamed up with Generali Employee Benefits to develop what they referred to as a unique employee benefits system powered by blockchain.

Read More
Bitcoin SV and the roadmap to Genesis

Tech 17 April 2019

Bitcoin SV and the roadmap to Genesis

Coming soon will be a network upgrade called Quasar, which is currently scheduled for July 24 and centers on increased scaling capabilities.

Read More